US9092301B2ExpiredUtilityA1

Efficient patching

83
Assignee: MICROSOFT CORPPriority: May 11, 2004Filed: Sep 16, 2013Granted: Jul 28, 2015
Est. expiryMay 11, 2024(expired)· nominal 20-yr term from priority
G06F 9/44505G06F 8/67G06F 8/60G06F 8/71G06F 8/61G06F 8/65G06F 8/656G06F 9/30G06F 8/54
83
PatentIndex Score
6
Cited by
138
References
37
Claims

Abstract

A facility for applying a software patch is described. Using an automatic patching agent, the facility receives the software patch. In response to receiving the software patch, without user intervention, the facility performs the following acts: First, the facility identifies an instance of an executable module that is currently loaded, and to which the received software patch pertains. Second, the facility applies the received software patch to the identified loaded executable module instance to modify the behavior of the identified executable module instance.

Claims

exact text as granted — not AI-modified
We claim: 
     
       1. A method for applying versions of a parameter validation software patch to instances of an executable module, the method comprising:
 sending, to an automated patching agent of a receiving computing system, a version of the parameter validation software patch, wherein the version of the parameter validation software patch is configured to be applied, without user intervention, by:
 detecting, by the receiving computing system, a loading operation configured to transfer, from a non-volatile memory to a volatile memory, an instance of an executable module to which the received version of the parameter validation software patch pertains; and 
 in response to detecting the loading operation, applying, by the automated patching agent, the received version of the parameter validation software patch to the instance of the executable module in volatile memory thereby modifying the instance of the executable module, such that behavior of the instance of the executable module in volatile memory is modified, wherein modifying the behavior of the instance of the executable module includes adding parameter validation functionality to a designated function within the instance of the executable module. 
 
 
     
     
       2. The method of  claim 1 , wherein the version of the parameter validation software patch is a first version of the parameter validation software patch and wherein the method further comprises:
 sending, to the automated patching agent, a second version of the parameter validation software patch, wherein the second version of the parameter validation software patch is configured to be applied, without user intervention, by:
 locating, in the non-volatile memory, by the receiving computing system, a stored instance of the executable module to which the received second version of the parameter validation software patch pertains; and 
 in response to locating, in the non-volatile memory, the stored instance of the executable module, applying, by the automated patching agent, the received second version of the parameter validation software patch to the stored instance of the executable module in the non-volatile memory. 
 
 
     
     
       3. The method of  claim 1 , wherein the loading operation is a first loading operation and the instance of the executable module is a first instance of the executable module, and wherein the version of the parameter validation software patch is further configured to be applied by:
 detecting, by the receiving computing system, a second loading operation configured to transfer a second instance of the executable module from the non-volatile memory to the volatile memory; and 
 in response to the detection of the second loading operation, applying the received version of the parameter validation software patch to the second instance of the executable module in volatile memory to modify the second instance of the executable module, such that the behavior of the second instance of the executable module in volatile memory is modified. 
 
     
     
       4. The method of  claim 1 , wherein the loading operation is a first loading operation and the instance of the executable module is a first instance of the executable module, and wherein the version of the parameter validation software patch is further configured to be applied by:
 determining that the version of the parameter validation software patch is enabled by checking a patch table to determine that there is an entry for the version of the parameter validation software patch or by checking a configuration setting in the patch table indicating that the version of the parameter validation software patch is enabled; and 
 in response to determining that the version of the parameter validation software patch is enabled, applying the received version of the parameter validation software patch to a second instance of the executable module in volatile memory such that the behavior of the second instance of the executable module in volatile memory is modified. 
 
     
     
       5. The method of  claim 1 , wherein the executable module is received by the receiving computing system after the receiving computing system receives the version of the parameter validation software patch. 
     
     
       6. The method of  claim 1 , wherein two software patches are received pertaining to the same executable module, and both received software patches are applied to modify the behavior of the instance of the executable module. 
     
     
       7. The method of  claim 6 , wherein the two received patches pertain to different locations in the instance of the executable module. 
     
     
       8. The method of  claim 6 , wherein the two received patches pertain to the same locations in the instance of the executable module. 
     
     
       9. The method of  claim 8 , wherein the received patches are applied such that both behavior modifications specified by the patches are exhibited by the patched instance of the executable module. 
     
     
       10. The method of  claim 8 , wherein the received patches are applied such that only the behavior modification of a dominant one of the two received software patches is exhibited by the instance of the executable module. 
     
     
       11. The method of  claim 1 , wherein the instance of the executable module to which the version of the parameter validation software patch pertains is identified from among a plurality of executable module instances, and wherein the received version of the parameter validation software patch is applied using module instance-specific information for the instance of the executable module contained in the received version of the parameter validation software patch. 
     
     
       12. The method of  claim 11 , wherein the module instance-specific information for the instance of the executable module contained in the received version of the parameter validation software patch specifies an offset within the instance of the executable module at which to modify the behavior of the instance of the executable module. 
     
     
       13. The method of  claim 12 , wherein the module instance-specific information for the instance of the executable module contained in the received version of the parameter validation software patch further specifies content of the instance of the executable module that is expected to appear at a specified offset before the received version of the parameter validation software patch is applied. 
     
     
       14. The method of  claim 11 , wherein the plurality of executable module instances are each a different version of the same executable module. 
     
     
       15. The method of  claim 1 , wherein the received version of the parameter validation software patch contains code specifying how to modify the behavior of the instance of the executable module. 
     
     
       16. The method of  claim 1 , wherein the received version of the parameter validation software patch contains data specifying how to modify the behavior of the instance of the executable module. 
     
     
       17. The method of  claim 1 , wherein the executable module is an independently-executable module. 
     
     
       18. The method of  claim 1 , wherein the executable module is a library. 
     
     
       19. The method of  claim 1 , wherein the executable module is a script. 
     
     
       20. The method of  claim 1 , wherein the executable module is a managed code module. 
     
     
       21. The method of  claim 1 , wherein the version of the parameter validation software patch comprises a signature demonstrating that the version of the parameter validation software patch was produced by a designated patch authority, and that the version of the parameter validation software patch has not been modified since the signature was generated. 
     
     
       22. The method of  claim 21 , wherein:
 the signature is a first signature and a first signer identity is associated with the first signature; 
 a second signer identity is associated with a second signature of the executable software module; and 
 the method further comprises:
 discerning the first signer identity and the second signer identity; and 
 determining that the discerned first signer identity and the second signer identity match before applying the parameter validation software patch. 
 
 
     
     
       23. A computer-readable memory storing instructions, the instructions configured to, when executed by a computing device, perform operations for applying versions of a parameter validation software patch to instances of an executable module, the operations comprising:
 sending, to an automated patching agent of a receiving computing system, a version of the parameter validation software patch, wherein the version of the parameter validation software patch is configured to be applied, without user intervention, by:
 detecting, by the receiving computing system, a loading operation configured to transfer, from a non-volatile memory to a volatile memory, an instance of an executable module to which the received version of the parameter validation software patch pertains; and 
 in response to detecting the loading operation, applying, by the automated patching agent, the received version of the parameter validation software patch to the instance of the executable module in volatile memory thereby modifying the instance of the executable module, such that behavior of the instance of the executable module in volatile memory is modified, wherein modifying the behavior of the instance of the executable module includes adding parameter validation functionality to a designated function within the instance of the executable module. 
 
 
     
     
       24. The computer-readable memory of  claim 23 , wherein the version of the parameter validation software patch is a first version of the parameter validation software patch and wherein the operations further comprise:
 sending, to the automated patching agent, a second version of the parameter validation software patch, wherein the second version of the parameter validation software patch is configured to be applied, without user intervention, by:
 locating, in the non-volatile memory, by the receiving computing system, a stored instance of the executable module to which the received second version of the parameter validation software patch pertains; and 
 in response to locating, in the non-volatile memory, the stored instance of the executable module, applying, by the automated patching agent, the received second version of the parameter validation software patch to the stored instance of the executable module in the non-volatile memory. 
 
 
     
     
       25. The computer-readable memory of  claim 23 , wherein the loading operation is a first loading operation and the instance of the executable module is a first instance of the executable module, and wherein the version of the parameter validation software patch is further configured to be applied by:
 detecting, by the receiving computing system, a second loading operation configured to transfer a second instance of the executable module from the non-volatile memory to the volatile memory; and 
 in response to the detection of the second loading operation, applying the received version of the parameter validation software patch to the second instance of the executable module in volatile memory to modify the second instance of the executable module, such that the behavior of the second instance of the executable module in volatile memory is modified. 
 
     
     
       26. The computer-readable memory of  claim 23 , wherein the executable module is received by the receiving computing system after the receiving computing system receives the version of the parameter validation software patch. 
     
     
       27. The computer-readable memory of  claim 23 , wherein the received version of the parameter validation software patch contains code specifying how to modify the behavior of the instance of the executable module. 
     
     
       28. The computer-readable memory of  claim 23 , wherein the received version of the parameter validation software patch contains data specifying how to modify the behavior of the instance of the executable module. 
     
     
       29. The computer-readable memory of  claim 23 , wherein the version of the parameter validation software patch comprises a signature demonstrating that the version of the parameter validation software patch was produced by a designated patch authority, and that the version of the parameter validation software patch has not been modified since the signature was generated. 
     
     
       30. A system for applying versions of a parameter validation software patch to instances of an executable module, the system comprising:
 one or more processors; 
 a memory; and 
 a transceiver configured to, using the processor, send to an automated patching agent of a receiving computing system, a version of the parameter validation software patch, wherein the version of the parameter validation software patch is configured to be applied, without user intervention, by:
 detecting, by the receiving computing system, a loading operation configured to transfer, from a non-volatile memory to a volatile memory, an instance of an executable module to which the received version of the parameter validation software patch pertains; and 
 in response to detecting the loading operation, applying, by the automated patching agent, the received version of the parameter validation software patch to the instance of the executable module in volatile memory thereby modifying the instance of the executable module, such that behavior of the instance of the executable module in volatile memory is modified, wherein the modified behavior of the instance of the executable module includes not performing at least one operation that the executable module would have performed in the executable module's unmodified state. 
 
 
     
     
       31. The system of  claim 30 , wherein the version of the parameter validation software patch is a first version of the parameter validation software patch and wherein the transceiver is further configured to:
 send, to the automated patching agent, a second version of the parameter validation software patch, wherein the second version of the parameter validation software patch is configured to be applied, without user intervention, by:
 locating, in the non-volatile memory, by the receiving computing system, a stored instance of the executable module to which the received second version of the parameter validation software patch pertains; and 
 in response to locating, in the non-volatile memory, the stored instance of the executable module, applying, by the automated patching agent, the received second version of the parameter validation software patch to the stored instance of the executable module in the non-volatile memory. 
 
 
     
     
       32. The system of  claim 30 , wherein the loading operation is a first loading operation and the instance of the executable module is a first instance of the executable module, and wherein the version of the parameter validation software patch is further configured to be applied by:
 detecting, by the receiving computing system, a second loading operation configured to transfer a second instance of the executable module from the non-volatile memory to the volatile memory; and 
 in response to the detection of the second loading operation, applying the received version of the parameter validation software patch to the second instance of the executable module in volatile memory to modify the second instance of the executable module, such that the behavior of the second instance of the executable module in volatile memory is modified. 
 
     
     
       33. The system of  claim 30 , wherein the executable module is received by the receiving computing system after the receiving computing system receives the parameter validation version of the software patch. 
     
     
       34. The system of  claim 30 , wherein the received version of the parameter validation software patch contains code specifying how to modify the behavior of the instance of the executable module. 
     
     
       35. The system of  claim 30 , wherein the received version of the parameter validation software patch contains data specifying how to modify the behavior of the instance of the executable module. 
     
     
       36. The system of  claim 30 , wherein the received version of the parameter validation software patch specifies modifying the behavior of the instance of the executable module to add parameter validation functionality to a designated function within the instance of the executable module. 
     
     
       37. The system of  claim 30 , wherein the version of the software patch comprises a signature demonstrating that the version of the software patch was produced by a designated patch authority, and that the version of the parameter validation software patch has not been modified since the signature was generated.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.